Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add configurable list of users to NOT revoke login #240

Open
vjeeva opened this issue Jun 5, 2023 · 2 comments
Open

Add configurable list of users to NOT revoke login #240

vjeeva opened this issue Jun 5, 2023 · 2 comments

Comments

@vjeeva
Copy link
Contributor

vjeeva commented Jun 5, 2023

Sometimes when running "revoke-logins", some users needs to be excluded. From this.

It would be nice if this were baked into pgbelt somehow, an ignore list of users when revoking logins.
@vjeeva
Copy link
Contributor Author

vjeeva commented Oct 23, 2023

We should fix up the revoke-logins code.

It seems we have a global list of users to NOT revoke, which is fine.

It seems it uses the other_users key as a list of ALL other users in the database other than root, schema owner and pglogical, unless you specify what users are to be in that list.

The code then forces the owner to for sure be revoked, and then every other other in other_users as long as it is not globally excluded.

This is very confusing.

@vjeeva
Copy link
Contributor Author

vjeeva commented Oct 23, 2023

The revoke-logins code should instead do the following:

  • Obtain all users with login, and the revoke logins from all of them except ones in the global exclude list.

  • There should be a key in the config to exclude more users from getting their logins revoked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vjeeva